Security company CertiK has uncovered a $5 million security flaw in the cross-chain bridge known as Wormhole. The flaw, if exploited, could have led to significant financial losses. CertiK’s research team identified a critical bug in Wormhole, which involved the incorrect application of public and entry modifiers, leaving the blockchain vulnerable to potential multimillion-dollar exploits.
In a social media post, CertiK explained how they detected and prevented the flaw in the network. The company emphasized the importance of proactive security practices and highlighted the role of open-source software in enhancing security and transparency in the Web3 world.
Wormhole is a platform that facilitates the transfer of tokens and data between different blockchain networks. It was created by Jump Trading Group and is widely used as a bridge linking the Ethereum and Solana blockchains.
Notably, Wormhole experienced a major DeFi attack in 2022, resulting in the loss of approximately $321 million. Hackers exploited the Wormhole Bridge, causing a significant loss of wETH tokens. An investigation conducted by pseudonymous researcher Pland revealed that the Wormhole team failed to exclude certain wallet addresses associated with the exploit, leading to the massive loss of crypto assets.
To understand the severity of the 2022 attack, it is crucial to comprehend the workings of cross-chain bridges, according to Chainalysis.
In April 2024, CertiK reported that combined losses from crypto-related hacks and scams totaled approximately $25.7 million. This is the lowest figure recorded since CertiK began monitoring such incidents in 2021, with a decrease in flash loan attacks and private critical hacks.